All things DevOps

First, make sure you are running a version of code that includes encryption support. See my previous article for instructions on how to upgrade the code. Once your code is upgraded, here are the steps to enable SSH on a Cisco 2950.

Generate An SSH Key

switch-2950-1.tuxlabs.com#config t

Enter configuration commands, one per line.  End with CNTL/Z.

switch-2950-1.tuxlabs(config)#crypto key generate rsa modulus 1024

The name for the keys will be: switch-2950-1.tuxlabs.com.tuxlabs.com

% The key modulus size is 1024 bits

Generating RSA keys...

[OK]

switch-2950-1.tuxlabs(config)#exit

switch-2950-1.tuxlabs.com#

Verify your key like so:

switch-2950-1.tuxlabs.com#show crypto key mypubkey rsa

% Key pair was generated at: 00:10:35 UTC Mar 1 1993

Key name: switch-2950-1.tuxlabs.com.tuxlabs.com

Usage: General Purpose Key

Key Data:

30819F300D06092A864886F70D010101050003818D0030818902818100E6AA25

8DB58145F882CD0BC62F5123AB0064A6A09BD636FA854D82B1510A313A00606E

00F601F1ECF64FCC0F516E73E80E09619CCCE91B5C3D59194803B80504AC2633

9D0A32E80196F5725CE9FFF4A5C27FC4698DE75BF057380422D0CCFE58936F4E

5BE394F43BDED1ACDC1BF1C95E71ABD534F1C21ECDA47B7E72D40C346B0203010001

% Key pair was generated at: 00:10:41 UTC Mar 1 1993

Key name: switch-2950-1.tuxlabs.com.tuxlabs.com.server

Usage: Encryption Key

Key Data:

307C300D06092A864886F70D0101010500036B0030680261009F33542ECB6FB6

7A19D04D929FEB3805145D39C9DB6CAB5AC1A26214FEFFBCDE6E5FA98565BEA6

1A888A92C7D1ED2E DB8D3894 D972C9AE853DFB988261D5180F8A994C9293C49C

0E946A950F89EA0845E4DCB774F5A23CCDC5938C CD01C6C14D0203010001

switch-2950-1.tuxlabs.com#

Wow 1993, feels good to be a time machine 🙂

Configure the allowed number of retries

switch-2950-1.tuxlabs.com#config t

Enter configuration commands, one per line.  End with CNTL/Z.

switch-2950-1.tuxlabs(config)#ip ssh authentication-retries 5

switch-2950-1.tuxlabs(config)#exit

switch-2950-1.tuxlabs.com#

Enabling SSH on the VTYs

switch-2950-1.tuxlabs.com#config t

Enter configuration commands, one per line.  End with CNTL/Z.

switch-2950-1.tuxlabs(config)#line vty 0 4

switch-2950-1.tu(config-line)#login local

switch-2950-1.tu(config-line)#transport input ssh

switch-2950-1.tu(config-line)#line vty 5 15

switch-2950-1.tu(config-line)#login local

switch-2950-1.tu(config-line)#transport input ssh

switch-2950-1.tu(config-line)#exit

switch-2950-1.tuxlabs(config)#exit

switch-2950-1.tuxlabs.com#wr mem

Building configuration...

[OK]

switch-2950-1.tuxlabs.com#
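
A way to check the result of the steps above, as an added example that is not part of the original article: this script audits a saved running-config and reports any VTY range that is not SSH-only or lacks "login local", plus a missing retries setting or local username. The sample config is constructed; the script assumes the usual IOS running-config layout (sub-commands indented by one space) and treats a missing "transport input" line as not SSH-only.

```python
import re

# Constructed running-config excerpt (not from the article): vty 5 15 still allows telnet.
SAMPLE_CONFIG = """\
hostname switch-2950-1
username admin secret 5 <placeholder>
ip ssh authentication-retries 5
!
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet ssh
!
end
"""


def audit_ssh_config(config):
    """Return a list of findings for the VTY/SSH settings covered by the steps above."""
    findings = []
    vty = {}        # (first, last) line numbers -> list of sub-commands
    current = None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first = int(m.group(1))
            current = (first, int(m.group(2) or first))
            vty[current] = []
        elif raw.startswith(" ") and current is not None:
            vty[current].append(raw.strip())
        else:
            current = None      # any unindented line ends the VTY block
    if not vty:
        findings.append("no 'line vty' blocks found")
    for (first, last), cmds in sorted(vty.items()):
        name = f"vty {first} {last}"
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if transports != [["ssh"]]:
            findings.append(f"{name}: transport input is not ssh-only")
        if "login local" not in cmds:
            findings.append(f"{name}: missing 'login local'")
    if not re.search(r"^ip ssh authentication-retries \d+", config, re.M):
        findings.append("ip ssh authentication-retries not set explicitly")
    if not re.search(r"^username \S+", config, re.M):
        findings.append("no local username, so 'login local' cannot authenticate anyone")
    return findings
```

Feed it the text of "show running-config" saved to a file; an empty list means every VTY range matches the settings shown above.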

Configuring A Username

When you’re running telnet you don’t need a username. But when you are using SSH, you do.